A friend of mine has been receiving some weird emails lately and would like to know where they are originating from. I have a vague recollection you can trace the route of an email via IP using the header information, but this is hidden in mailer applications (unless you are using a UNIX mailer????). Anyone know how I can dig up the IP trail? Be nice to know whether they originated from the same ISP, i.e. potentially traceable, or from internet cafes.

Just checking now. He has forwarded the mail to me, but I assume the header information is not sent? One of the emails was sent to his Yahoo.co.uk account and one to his work one, which he picks up on a Mac I believe. Just trying to find out now.

The problem is you can't tell if it's genuine; there are e-mail redirectors out there that strip out this header information and replace it with their own, so you can only see it came from them but not where it was before that.

Cheers John. How do I reveal the header? I need to give instructions to a technically useless friend.

I am aware that the email might have been bounced around, but not convinced, from the tone of the emails, that the person is necessarily that adept. Hoping to find a common domain at least, if not a common IP.

Cheers Steff. I have got the IP from one of their emails - just need to check whether they are on a static or dynamic for the same host. Either way, probably enough to report abuse. Just wondered what the in-reply-to and references meant - this person forwarded my friend a confidential email my friend had sent to a third party. Trying to figure out where this person got the email from - whether it was sent to them in error, or whether they have somehow compromised my friend's account.

That forum looks useful though, and once I have checked the header from multiple emails I may post there on Monday.

EDIT: Great link Steff! Just run a check and now have a geographical location for the server that the IP address belongs to. Very interesting.
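An added example, not part of the original thread: a Python sketch of the header check discussed above, listing the `Received` hops oldest-first with the bracketed IPs each one recorded, plus the Message-IDs in `In-Reply-To` and `References`. The sample message, its addresses and the function names `received_trail` and `thread_ids` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (documentation IP ranges and example domains, not real mail).
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.mail.example.net with ESMTP id abc123; Mon, 6 Jan 2025 10:02:11 +0000
Received: from [192.168.1.20] (host.isp.example [203.0.113.45])
\tby mx.example.org with ESMTPSA id def456; Mon, 6 Jan 2025 10:02:09 +0000
From: sender@example.org
To: friend@example.net
Subject: Fwd: confidential
Message-ID: <m3@example.org>
In-Reply-To: <m2@example.com>
References: <m1@example.net> <m2@example.com>

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ID_RE = re.compile(r"<[^>]+>")

def received_trail(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    hops = []
    for hdr in reversed(email.message_from_string(raw).get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", hdr)
        hop = {"by": by.group(1) if by else None, "public": [], "private": []}
        for text in IP_RE.findall(hdr):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 address
            key = "private" if any(ip in n for n in RFC1918) else "public"
            hop[key].append(text)
        hops.append(hop)
    return hops

def thread_ids(raw):
    """Message-IDs this mail claims to answer (In-Reply-To) and its thread (References)."""
    msg = email.message_from_string(raw)
    return {"in_reply_to": ID_RE.findall(msg.get("In-Reply-To", "")),
            "references": ID_RE.findall(msg.get("References", ""))}

if __name__ == "__main__":
    for n, hop in enumerate(received_trail(RAW), 1):
        print(n, hop)
    print(thread_ids(RAW))
```

Only the hops written by the recipient's own mail provider can be taken at face value; anything below them is supplied by earlier systems and may have been rewritten or stripped, as noted earlier in the thread. The raw message source is needed as input, since a normal forward usually carries only the body.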